tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kurt, Oliver" <Oliver.K...@opendata.de>
Subject AW: JDBC Realm documentation
Date Mon, 18 Dec 2000 15:06:45 GMT
Okay then let me explain what I did and what didn't work....

1.) I followed the instructions in the jdbc-realm howto (what means, that i
created the tables in the database and commented the line
"org.apache.tomcat.request.SimpleRealm" and inserted the following:

	<RequestInterceptor 
		className="org.apache.tomcat.request.JDBCRealm"
	     	debug="99"
	     	driverName="oracle.jdbc.driver.OracleDriver"
     		connectionURL="jdbc:oracle:thin:@c_mgeiss:1521:testdb"
	     	connectionName="utest"
	     	connectionPassword="utest"
	    	userTable="users" 
	    	userNameCol="user_name" 
	    	userCredCol="user_pass"
	     	userRoleTable="user_roles" 
	     	roleNameCol="role_name" />

2.) Now I thought the web.xml file has to be modified, so I added the
following lines (which I found in an old mail from this list):

<security-constraint>
   <web-resource-collection>
      <web-resource-name>WebApp</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>admin</role-name>
   </auth-constraint>
 </security-constraint>

 <login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>okurt</realm-name>
 </login-config>

3.) but when I try to access an arbitrary jsp file in my tomcat\webapps\test
directory, the jsp file is display. And no security-check is done.


That was the reason, why I thought that the web.xml file has to contain some
parameter-tags for security checking.
If the web.xml file needn't to be modified, what to do else?





-----Urspr√ľngliche Nachricht-----
Von: Nacho [mailto:nacho@siapi.es]
Gesendet: Montag, 18. Dezember 2000 15:46
An: 'tomcat-user@jakarta.apache.org'
Betreff: RE: JDBC Realm documentation


> 
> Hi again,
> 
> it's actually pretty bad that there are no docs at all.
> 
> I think my main problem are the entries in the web.xml file, which are
> unfortunately not described in the howto file (I do know that this is
> described in the servlet-api-specification, but this is not 
> very clear to
> me). 

This is unrelated to JDBCRealm itself, and the only and best doc is the
spec itself, or you can buy some books on that, or try to review
examples context web.xml for a good example of almost everything web.xml
can have, or you can post here your questions and people will help you.


> It would be very nice if someone can post the basically 
> needed entries in
> the web.xml file for a JDBCRealm.

Nothing so far not need for a regular application that uses Container
managed security, JDBRealm only plays a role of providing the
credentials for users, the very same that SimpleRealm &
conf/tomcat-users.xml do for examples context, there is nothing that
need to know about JDBCRealm to write a correct web.xml for your webapp.

> 
> Thanks in advance
> Oliver Kurt
>  

Saludos ,
Ignacio J. Ortega

Mime
View raw message